Stuka Stuka - 2 months ago 12
Linux Question

Postfix virtual mailbox setup with authentication allows sending mail from unauthenticated users

I have a problem with my Postfix setup: it allows unauthenticated and non-existing users to send mail. Postfix is configured to use virtual mailboxes.
This is what happens:

telnet hostname.com 25
Connected to hostname.com.
Escape character is '^]'.
220 hostname.com ESMTP Postfix (Debian/GNU)
ehlo server
250-hostname.com
250-PIPELINING
250-SIZE 52428800
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN CRAM-MD5 LOGIN
250-AUTH=PLAIN CRAM-MD5 LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN


Sending mail

telnet hostname.com 25
Connected to hostname.com.
Escape character is '^]'.
220 hostname.com ESMTP Postfix (Debian/GNU)
mail from: nonexistinguser@virtual-domain.com
250 2.1.0 Ok
rcpt to: legit-user@virtual-domain.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hi this is a mail from fake account
.
250 2.0.0 Ok: queued as BE73115761D
quit
221 2.0.0 Bye
Connection closed by foreign host.


Postfix config:

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

append_dot_mydomain = no

readme_directory = no

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_auth_only=no
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

myhostname = hostname.com
mydomain = hostname.com
myorigin=$mydomain

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

smtpd_sender_restrictions = permit_sasl_authenticated,
    reject_unauthenticated_sender_login_mismatch

smtpd_recipient_restrictions = permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unknown_sender_domain
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth-client

virtual_mailbox_domains = /etc/postfix/vhosts
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = hash:/etc/postfix/vmaps
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
message_size_limit = 52428800
virtual_mailbox_limit = 0


The question is: how is it that I can send mail without authentication?

Answer

Postfix will accept messages sent to local domains. They can be specified in a number of ways; one is the mydestination parameter in main.cf.

The mydestination parameter specifies what domains this machine will deliver locally, instead of forwarding to another machine.

If you try to send to a non-local domain using telnet, you will receive "Relay access denied" after issuing the rcpt to command.
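The piece the asker's configuration is missing, shown as an added example that is not part of the original question or answer: reject_unauthenticated_sender_login_mismatch only rejects when smtpd_sender_login_maps names an owner for the MAIL FROM address, and that parameter is unset in the posted main.cf, so the check never fires. The fragment below supplies that map and additionally refuses any envelope sender in the server's own domains from a client that has not authenticated, which also covers addresses that do not exist in vmaps. It assumes the Dovecot SASL login name is the full mailbox address (legit-user@virtual-domain.com), and the two file names are illustrative.

```text
# --- main.cf additions (added example, not the asker's or answerer's config) ---

# Login name -> addresses that login may use as MAIL FROM. Without this
# parameter, reject_unauthenticated_sender_login_mismatch has nothing to
# compare against and silently accepts every sender address.
# Assumption: Dovecot reports the full mailbox address as the login name.
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps

# Order matters. Clients in mynetworks (127.0.0.0/8 here) are trusted for
# local submission. reject_sender_login_mismatch then rejects with
# 553 5.7.1 "Sender address rejected: not logged in" when an unauthenticated
# client uses an address that has an owner, or "not owned by user" when an
# authenticated client uses someone else's address. permit_sasl_authenticated
# lets authenticated clients through; anyone left is unauthenticated, and
# check_sender_access refuses senders in our own domains (access(5) matches
# the full address, then the domain and its parents), so
# nonexistinguser@virtual-domain.com is rejected with the default 554.
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch,
    permit_sasl_authenticated,
    check_sender_access hash:/etc/postfix/own_sender_domains,
    permit

# --- /etc/postfix/sender_login_maps (illustrative file name) ---
# MAIL FROM address            SASL login name(s) allowed to use it
# legit-user@virtual-domain.com   legit-user@virtual-domain.com

# --- /etc/postfix/own_sender_domains (illustrative file name) ---
# One line per domain listed in /etc/postfix/vhosts
# virtual-domain.com   REJECT Sender addresses in this domain require authentication
```

After editing, run postmap on both files (`postmap /etc/postfix/sender_login_maps` and `postmap /etc/postfix/own_sender_domains`), `postfix reload`, and repeat the telnet session from the question: the `mail from: nonexistinguser@virtual-domain.com` step should now be refused instead of answering `250 2.1.0 Ok`. Note that smtpd_recipient_restrictions is untouched; reject_unauth_destination there is what keeps the server from being an open relay, and the sender restrictions above only add the spoofing check for the server's own domains.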
